AMENDMENTS TO THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims 
in the application: 



1 1 . (Currently amended) A method for managing a database system, 

2 wherein the database system has a plurality of administrators, comprising: 

3 receiving a command to perform an administrative function involving an 

4 object defined within the database system; 

5 determining if the object is a sensitive object that is associated with 

6 security functions in the database system, wherein the sensitive object is encrypted 

7 in the database system, wherein the sensitive object can include a sensitive row 

8 within a table in the database system, wherein the sensitive row contains sensitive 

9 data, and wherein other rows in the table need not contain sensitive data; 

10 wherein the sensitive object is an object that represents a sensitive user of 

1 1 the database system who is empowered to access sensitive data; 

12 wherein at least one of the plurality of administrators is a security officer 



13 who can perform administrative functions on sensitive objects; 

14 wherein an administrator in the plurality of administrators who is not a 

15 security officer cannot perform administrative functions on sensitive objects; 

16 wherein an administrator in the plurality of administrators who is not a 

1 7 security officer cannot become a sensitive user and thereby obtain access to 

1 8 sensitive objects indirectly; 

19 if the object is not a sensitive object, and if the command to perform an 

20 administrative is received from an administrator who is not a security officer, 

21 allowing the administrative function to proceed; and 

22 if the object is a sensitive object, and if the command is received from an 

23 administrator who is not a security officer, disallowing the administrative 

24 function. 
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1 2. (Previously presented) The method of claim 1, further comprising: 

2 receiving a request to perform an operation on a data item in the database 

3 system; 

4 if the data item is a sensitive data item containing sensitive information 

5 and if the request is received from a sensitive user who is empowered to access 

6 sensitive data, allowing the operation to proceed if the sensitive user has access 

7 rights to the sensitive data item; and 

8 if the data item is a sensitive data item and the request is received from a 

9 user who is not a sensitive user, disallowing the operation. 

1 3. (Original) The method of claim 2, wherein if the data item is a sensitive 

2 data item, if the operation is allowed to proceed, and if the operation involves 

3 retrieval of the data item, the method further comprises decrypting the data item 

4 using an encryption key after the data item is retrieved. 

1 4. (Original) The method of claim 3, wherein the encryption key is stored 

2 along with a table containing the data item. 

1 5. (Original) The method of claim 4, wherein the encryption key is stored 

2 in encrypted form. 

1 6 (Canceled). 

1 7. (Original) The method of claim 1 , wherein if the object is not a sensitive 

2 object, and if the command to perform the administrative function is received 

3 from a security officer, the method further comprises allowing the security officer 

4 to perform the administrative function on the object. 
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1 8. (Original) The method of claim 1 5 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 9. (Currently amended) A computer-readable storage medium storing 

2 instructions that when executed by a computer cause the computer to perform a 

3 method for managing a database system, wherein the database system has a 

4 plurality of administrators, the method comprising: 

5 receiving a command to perform an administrative function involving an 

6 object defined within the database system; 

7 determining if the object is a sensitive object that is associated with 

8 security functions in the database system, wherein the sensitive object is encrypted 

9 in the database system, wherein the sensitive object can include a sensitive row 

10 within a table in the database system, wherein the sensitive row contains sensitive 

1 1 data, and wherein other rows in the table need not contain sensitive data; 

12 wherein the sensitive object is an object that represents a sensitive user of 

13 the database system who is empowered to access sensitive data; 

14 wherein at least one of the plurality of administrators is a security officer 

1 5 who can perform administrative functions on sensitive objects; 

16 wherein an administrator in the plurality of administrators who is not a 

17 security officer cannot perform administrative functions on sensitive objects; 

1 8 wherein an administrator in the plurality of administrators who is not a 

1 9 security officer cannot become a sensitive user and thereby obtain access to 

20 sensitive objects indirectly; 
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21 if the object is not a sensitive object, and if the command is received from 

22 an administrator who is not a security officer, allowing the administrative function 

23 to proceed; and 

24 if the object is a sensitive object, and if the command is received from an 

25 administrator system who is not a security officer, disallowing the administrative 

26 function. 

1 10. (Previously presented) The computer-readable storage medium of 

2 claim 9, wherein the method further comprises: 

3 receiving a request to perform an operation on a data item in the database 

4 system; 

5 if the data item is a sensitive data item containing sensitive information 

6 . and if the request is received from a sensitive user who is empowered to access 

7 sensitive data, allowing the operation to proceed if the sensitive user has access 

8 rights to the sensitive data item; and 

9 if the data item is a sensitive data item and the request is received from a 
10 user system who is not a sensitive user, disallowing the operation. 



1 11. (Original) The computer-readable storage medium of claim 1 0, 

2 wherein if the data item is a sensitive data item, if the operation is allowed to 

3 proceed, and if the operation involves retrieval of the data item, the method 

4 further comprises decrypting the data item using an encryption key after the data 

5 item is retrieved. 

1 12. (Original) The computer-readable storage medium of claim 11, 

2 wherein the encryption key is stored along with a table containing the data item. 
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1 13. (Original) The computer-readable storage medium of claim 12, 

2 wherein the encryption key is stored in encrypted form. 

1 14 (Canceled). 

1 15. (Original) The computer-readable storage medium of claim 9, wherein 

2 if the object is not a sensitive object, and if the command to perform the 

3 administrative function is received from a security officer, the method further 

4 comprises allowing the security officer to perform the administrative function. 

1 16. (Original) The computer-readable storage medium of claim 9, 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 1 7. (Currently amended) An apparatus for managing a database system, 

2 wherein the database system has a plurality of administrators, comprising: 

3 a command receiving mechanism that is configured to receive a command 

4 to perform an administrative function involving an object defined within the 

5 database system; 

6 an execution mechanism that is configured to, 

7 determine if the object is a sensitive object that is 

8 associated with security functions in the database system, wherein 

9 the sensitive object is encrypted in the database system, wherein 

10 the sensitive object can include a sensitive row within a table in the 

1 1 database system, wherein the sensitive row contains sensitive data, 
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12 and wherein other rows in the table need not contain sensitive data, 

13 wherein the sensitive object is an object that represents a sensitive 

14 user of the database system who is empowered to access sensitive 

15 data; 

16 wherein at least one of the plurality of administrators is a security officer 

1 7 who can perform administrative functions on sensitive objects; 

18 wherein an administrator in the plurality of administrators who is not a 

19 security officer cannot perform administrative functions on sensitive objects; 

20 wherein an administrator in the plurality of administrators who is not a 

21 security officer cannot become a sensitive user and thereby obtain access to 

22 sensitive objects indirectly; 

23 allow the administrative function to proceed, if the object is 

24 not a sensitive object, and if the command is received from an 

25 administrator who is not a security officer, and to 

26 disallow the administrative function, if the object is the 

27 sensitive object, and if the command is received from an 

28 administrator who is not a security officer. 

1 18. (Previously presented) The apparatus of claim 1 7, 

2 wherein the command receiving mechanism is configured to receive a 

3 request to perform an operation on a data item in the database system; 

4 wherein the execution mechanism is configured to, 

5 allow the operation to proceed, if the data item is a 

6 sensitive data item, if the request is received from a sensitive user 

7 who is empowered to access sensitive data, and if the sensitive user 

8 has access rights to the sensitive data item, and to 
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9 disallow the operation, if the data item is a sensitive data 

10 item, and if the request is received from a user who is not a 

1 1 sensitive user. 

1 19. (Original) The apparatus of claim 18, further comprising a decryption 



2 mechanism, wherein if the data item is a sensitive data item, if the operation is 

3 allowed to proceed, and if the operation involves retrieval of the data item, the 

4 decryption mechanism is configured to decrypt the data item using an encryption 

5 key after the data item is retrieved 



1 20. (Original) The apparatus of claim 19, wherein the encryption key is 

2 stored along with a table containing the data item. 

1 21 . (Original) The apparatus of claim 20, wherein the encryption key is 

2 stored in encrypted form. 

1 22 (Canceled). 

1 23. (Original) The apparatus of claim 17, wherein if the object is not a 

2 sensitive object, and if the command to perform the administrative function is 

3 received from a security officer, the execution mechanism is configured to allow 

4 the security officer to perform the administrative function. 

1 24. (Original) The apparatus of claim 17, 

2 wherein the database system includes a number of sensitive data items; 

3 and 
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4 
5 



wherein only specific sensitive users are allowed to access a given 
sensitive data item. 



1 25. (Currently amended) A method for managing a database system, 

2 comprising: 

3 receiving a command to perform an administrative function involving an 

4 object defined within the database system; 

5 determining if the object is a sensitive object that is associated with 

6 security functions in the database system, wherein the sensitive object is an object 

7 that represents a sensitive user of the database system who is empowered to access 

8 sensitive data; 

9 wherein at least one of the plurality of administrators is a security officer 

10 who can perform administrative functions on sensitive objects; 

11 wherein an administrator in the plurality of administrators who is not a 

12 security officer cannot perform administrative functions on sensitive objects; 

1 3 wherein an administrator in the plurality of administrators who is not a 

14 security officer cannot become a sensitive user and thereby obtain access to 

1 5 sensitive objects indirectly; 

16 if the object is not a sensitive object, and if the command is received from 

17 a database administrator who is not a security officer, allowing the administrative 

1 8 function to proceed; and 

19 if the object is a sensitive object, and if the command is received from a 

20 system administrator who is not a security officer, disallowing the administrative 

21 function. 

1 26. (Previously presented) The method of claim 25, further comprising: 
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2 receiving a request to perform an operation on a data item in the database 

3 system; 

4 if the data item is a sensitive data item containing sensitive information 

5 and if the request is received from a sensitive user who is empowered to access 

6 sensitive data, allowing the operation to proceed if the sensitive user has access 

7 rights to the sensitive data item; and 

8 if the data item is a sensitive data item and the request is received from a 

9 user who is not a sensitive user, disallowing the operation. 

1 27. (Previously presented) The method of claim 26, wherein if the data 

2 item is a sensitive data item, if the operation is allowed to proceed, and if the 

3 operation involves retrieval of the data item, the method further comprises 

4 decrypting the data item using an encryption key after the data item is retrieved. 

1 28. (Previously presented) The method of claim 27, wherein the encryption 

2 key is stored along with a table containing the data item. 

1 29. (Previously presented) The method of claim 28, wherein the encryption 

2 key is stored in encrypted form. 

1 30. (Previously presented) The method of claim 25, wherein the sensitive 

2 object can include one of: 

3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 
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1 31. (Previously presented) The method of claim 25, wherein if the object is 

2 not a sensitive object, and if the command to perform the administrative function 

3 is received from a security officer, the method further comprises allowing the 

4 security officer to perform the administrative function on the object. 

1 32. (Previously presented) The method of claim 25, 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 33. (Currently amended) A computer-readable storage medium storing 

2 instructions that when executed by a computer cause the computer to perform a 

3 method for managing a database system, the method comprising: 

4 receiving a command to perform an administrative function involving an 

5 object defined within the database system; 

6 determining if the object is a sensitive object that is associated with 

7 security functions in the database system, wherein the sensitive object is an object 

8 that represents a sensitive user of the database system who is empowered to access 

9 sensitive data; 

10 wherein at least one of the plurality of administrators is a security officer 

1 1 who can perform administrative functions on sensitive objects; 

12 wherein an administrator in the plurality of administrators who is not a 

13 security officer cannot perform administrative functions on sensitive objects; 

14 wherein an administrator in the plurality of administrators who is not a 

1 5 security officer cannot become a sensitive user and thereby obtain access to 

1 6 sensitive obj ects indirectly; 
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17 if the object is not a sensitive object, and if the command is received from 

18 a database administrator who is not a security officer, allowing the administrative 

1 9 function to proceed; and 

20 if the object is a sensitive object, and if the command is received from a 

21 system administrator who is not a security officer, disallowing the administrative 

22 function. 

1 34. (Previously presented) The computer-readable storage medium of 

2 claim 33, wherein the method further comprises: 

3 receiving a request to perform an operation on a data item in the database 

4 system; 

5 if the data item is a sensitive data item containing sensitive information 

6 and if the request is received from a sensitive user who is empowered to access 

7 sensitive data, allowing the operation to proceed if the sensitive user has access 

8 rights to the sensitive data item; and 

9 if the data item is a sensitive data item and the request is received from a 
10 user who is not a sensitive user, disallowing the operation. 

1 35. (Previously presented) The computer-readable storage medium of 

2 claim 34, wherein if the data item is a sensitive data item, if the operation is 

3 allowed to proceed, and if the operation involves retrieval of the data item, the 

4 method further comprises decrypting the data item using an encryption key after 

5 the data item is retrieved. 

1 36. (Previously presented) The computer-readable storage medium of 

2 claim 35, wherein the encryption key is stored along with a table containing the 

3 data item. 
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1 37. (Previously presented) The computer-readable storage medium of 

2 claim 36, wherein the encryption key is stored in encrypted form. 



1 38. (Previously presented) The computer-readable storage medium of 

2 claim 33, wherein the sensitive object can include one of: 

3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 

1 39. (Previously presented) The computer-readable storage medium of 

2 claim 33, wherein if the object is not a sensitive object, and if the command to 

3 perform the administrative function is received from a security officer, the method 

4 further comprises allowing the security officer to perform the administrative 

5 function. 

1 40. (Previously presented) The computer-readable storage medium of 

2 claim 33, 

3 wherein the database system includes a number of sensitive data items; 

4 and 

5 wherein only specific sensitive users are allowed to access a given 

6 sensitive data item. 

1 41. (Currently amended) An apparatus for managing a database system, 

2 comprising: 

13 

GCW X:\Oracle Corporation\OR00-14001\Amendment F OR00- 14001 .doc 



3 a command receiving mechanism that is configured to receive a command 

4 to perform an administrative function involving an object defined within the 

5 database system; 

6 wherein at least one of the plurality of administrators is a security officer 

7 who can perform administrative functions on sensitive objects; 

8 wherein an administrator in the plurality of administrators who is not a 

9 security officer cannot perform administrative functions on sensitive objects; 

10 wherein an administrator in the plurality of administrators who is not a 

1 1 security officer cannot become a sensitive user and thereby obtain access to 

12 sensitive objects indirectly; 

1 3 an execution mechanism that is configured to, 

14 determine if the object is a sensitive object that is 

1 5 associated with security functions in the database system, wherein 

16 the sensitive object is an object that represents a sensitive user of 

17 the database system who is empowered to access sensitive data, 

1 8 allow the administrative function to proceed, if the object is 

19 not a sensitive object, and if the command is received from an 

20 administrator who is not a security officer, and to 

21 disallow the administrative function, if the object is a 

22 sensitive object, and if the command is received from an 

23 administrator who is not a security officer. 

1 42. (Previously presented) The apparatus of claim 41 , 

2 wherein the command receiving mechanism is configured to receive a 

3 request to perform an operation on a data item in the database system; 

4 wherein the execution mechanism is configured to, 
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5 allow the operation to proceed, if the data item is a sensitive data item, if 

6 the request is received from a sensitive user who is empowered to access sensitive 

7 data, and if the sensitive user has access rights to the sensitive data item, and to 

8 disallow the operation, if the data item is a sensitive data item, and if the 

9 request is received from a user who is not a sensitive user. 

1 43. (Previously presented) The apparatus of claim 42, further comprising a 

2 decryption mechanism, wherein if the data item is a sensitive data item, if the 

3 operation is allowed to proceed, and if the operation involves retrieval of the data 

4 item, the decryption mechanism is configured to decrypt the data item using an 

5 encryption key after the data item is retrieved 

1 44. (Previously presented) The apparatus of claim 43, wherein the 

2 encryption key is stored along with a table containing the data item. 

1 45. (Previously presented) The apparatus of claim 44, wherein the 

2 encryption key is stored in encrypted form. 

1 46. (Previously presented) The apparatus of claim 41, wherein the 

2 sensitive object can include one of: 

3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 
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47. (Previously presented) The apparatus of claim 41, wherein if the object 
is not a sensitive object, and if the command to perform the administrative 
function is received from a security officer, the execution mechanism is 
configured to allow the security officer to perform the administrative function. 

48. (Previously presented) The apparatus of claim 41, 

wherein the database system includes a number of sensitive data items; 

and 

wherein only specific sensitive users are allowed to access a given 
sensitive data item. 
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